ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do. Date published...
Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process. Date published : 2020-05-05 https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4
Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireless settings. Date published : 2020-05-05 https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4
Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic repeater settings via an SSID. Date published : 2020-05-05 https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4
CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen. Date published :...
CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis. Date published : 2020-05-05 https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4
A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for...
Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field. Date published : 2020-05-05 https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4
A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks. Date published : 2020-05-05 https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4
CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access the dashboard and perform scraping or other analysis. Date published : 2020-05-05 https://devel.blueonyx.it/trac/changeset/4034/ https://www.blueonyx.it/news/278/15/5209R5210R-YUM-Updates/
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. Date published : 2020-05-05 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025 https://lists.debian.org/debian-lts-announce/2020/06/msg00004.html
macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL. Date published : 2020-05-05 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QEUOHRC4EN4WZ66EVFML2UCV7ZQ63XZ/ https://github.com/go-macaron/macaron/issues/198
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation. Date published :...
An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. Date published : 2020-05-05 https://security.netapp.com/advisory/ntap-20200608-0001/ https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5